Double Clicking on Office Documents Could Execute Arbitrary Code.

If certain DLL files are present on a system running Windows 98 or Windows 2000 they can be exploited to execute native code. This could lead to an attacker gaining full control over a system. It has been reported that this attack also works via UNC shares.

DEMONSTRATION

If either RICHED20.DLL or MSI.DLL are present on the system and in the same directory as Office documents double clicking on the Office documents will execute the code in DllMain () of the above DLLs.

John Savill's Hyper-V Master Class

Join John Savill for 12 hours of comprehensive Hyper-V training. This master-level online training course will explore all the key aspects of a Hyper-V based virtualization environment covering both current capabilities in Windows Server 2012 R2 and looking at the future with Windows Server vNext.